517 matches found
PT-2025-1452 · Pat Infinite Solutions · Helpdeskadvanced
Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33 Description: The issue is related to Directory Traversal via the Email/SaveAttachment function. This allows unauthorized access to sensitive files and directories. Recommendations: Fo...
PT-2025-1459 · Pat Infinite Solutions · Helpdeskadvanced
Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability via the Filter/FilterEditor function. This allows for potential malicious script execution. No informatio...
PT-2025-1451 · Pat Infinite Solutions · Helpdeskadvanced
Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33 Description: The issue is related to a Directory Traversal vulnerability via the Attachment/DownloadTempFile function. This allows unauthorized access to sensitive files and...
PT-2025-3867 · Unknown · Exelban Stats
Name of the Vulnerable Software and Affected Versions: exelban stats versions up to 2.11.21 Description: A critical issue has been found in the shouldAcceptNewConnection function of the XPC Service component, leading to command injection. This issue can be exploited locally. Recommendations: For...
PT-2025-3875 · Unknown · Liujianview Gymxmjpa
Name of the Vulnerable Software and Affected Versions: liujianview gymxmjpa version 1.0 Description: A critical vulnerability has been found in the CoachController function of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the coachName argument...
CVE-2024-57228
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vifdisable function...
PT-2025-3418 · Linksys · Linksys E7350
Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the ifname parameter in the apcli_do_enr_pbc_wps function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.03...
PT-2025-1632
Name of the Vulnerable Software and Affected Versions WebinarPress plugin for WordPress versions up to, and including, 1.33.24 Description The WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the sync-import-imgs function and missing...
PT-2025-2020 · Unknown · Zerowdd Studentmanager
Name of the Vulnerable Software and Affected Versions: ZeroWdd studentmanager version 1.0 Description: A critical vulnerability was found in ZeroWdd studentmanager, affecting the addTeacher/editTeacher function of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController.java. Th...
PT-2024-17920 · Unknown · Phpgurukul Land Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Land Record System version 1.0 Description: A vulnerability was found in the PHPGurukul Land Record System, affecting an unknown function of the file /admin/add-property.php. The manipulation of the Land Subtype argument leads to...
PT-2025-3477 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version V15.03.05.19 Description: A command injection issue exists due to the lack of neutralization of special elements when processing the usbName parameter in the formSetSambaConf function. This allows a remote attacker to execu...
PT-2024-17809 · Code Projects · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical issue affects the add_edu function of the file /_parse/_all_edits.php. The manipulation of the degree argument leads to SQL injection. The attack may be initiated remotely. Oth...
PT-2024-17807 · Code Projects · Simple Admin Panel
Name of the Vulnerable Software and Affected Versions: code-projects Simple Admin Panel version 1.0 Description: A critical issue was found in the Simple Admin Panel, affecting an unknown function of the file addVariationController.php. The manipulation of the qty argument leads to SQL injection...
PT-2024-9923 · Unknown · Job Recruitment
Name of the Vulnerable Software and Affected Versions: Job Recruitment version 1.0 Description: A critical vulnerability has been found in the function fln_update of the file /_parse/_all_edits.php. The issue is related to the lack of neutralization of special elements when processing the...
PT-2024-36521 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS versions =13.0 Description: The issue allows for command execution in the phome.php file through the Ebak_RepPathFiletext function. This enables an attacker to execute commands on the system. Recommendations: For SeaCMS versions =13.0,...
PT-2024-17694 · Fabulatech · Fabulatech Usb Over Network
Name of the Vulnerable Software and Affected Versions: FabulaTech USB over Network version 6.0.6.1 Description: A problematic vulnerability was found in the function 0x220408 of the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference, requiring ...
PT-2024-17696 · Fabulatech · Fabulatech Usb Over Network
Name of the Vulnerable Software and Affected Versions: FabulaTech USB over Network version 6.0.6.1 Description: A problem was found in the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler, leading to null pointer dereference. The attack must be approached locally. The...
PT-2024-17534 · WordPress · Ar
Name of the Vulnerable Software and Affected Versions: AR for WordPress plugin for WordPress versions up to, and including, 7.3 Description: The issue is related to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image function. This allows...
PT-2024-17397 · WordPress · Wp System
Name of the Vulnerable Software and Affected Versions: WP System plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the generate_wp_system_page_content function. This allows...
PT-2024-35770 · Jsfinder · Jsfinder
Name of the Vulnerable Software and Affected Versions: JSFinder version d70ab9bc5221e016c08cffaf0d9ac79646c90645 Description: The issue concerns a Directory Traversal vulnerability in the find_by_file function. This allows for potential unauthorized access to files outside the intended directory...